• Status: Solved
  • Priority: High
  • Security: Private
  • Views: 83
  • Last Modified:

Active directory Attribute

Hi,

Please I need a script (vbscript or Powershell)  to export the following attribute from two "OU" in active directory,
After to run the script we obtein a output file .csv (encode in UTF-8 )

I want to display in the output file the following fields:
"Account","Disabled","First Name","Last Name","Mail"

*Disable = True or False
"""ou=Accounts,ou=Sales,ou=USA,dc=Dom,dc=local"",""DC1Serv.dom.local"""
"""ou=Accounts,ou=Marketing,ou=USA,dc=Dom,dc=local"",""DC1Serv.dom.local"""

Best regards,
0
DRRAM
Asked:
DRRAM
  • 29
  • 27
3 Solutions
 
yo_beeDirector of ITCommented:
Here is my script

Import-Module ActiveDirectory
$DNArray = @('OU=Users,OU=Production,OU=XXX,DC=XXXXXX,DC=local','OU=HELPDESK,OU=Users,OU=Production,OU=XXX,DC=XXXXXX,DC=local')
$users = $null
Foreach ($dn in $dnarray)
{

$users += Get-ADUser -filter * -SearchBase $dn -SearchScope OneLevel -Properties Name,Enabled,GivenName,sn,mail | Select Name,Enabled,GivenName,sn,mail 

$users |Export-Csv -Path '.\AD.csv' -NoTypeInformation -force  

}

Open in new window


This it modified with your OU's

Import-Module ActiveDirectory
$DNArray = @('ou=Accounts,ou=Sales,ou=USA,dc=Dom,dc=local',,'ou=Accounts,ou=Marketing,ou=USA,dc=Dom,dc=local')
$users = $null
Foreach ($dn in $dnarray)
{

$users += Get-ADUser -filter * -SearchBase $dn -SearchScope OneLevel -Properties Name,Enabled,GivenName,sn,mail | Select Name,Enabled,GivenName,sn,mail 

$users |Export-Csv -Path '.\AD.csv' -NoTypeInformation -force  

}

Open in new window

1
 
MilesLoganCommented:
This may also help

$OUs = 'OU ONE DN', 'OU TWO DN'
$(ForEach ($OU in $OUs) { Get-aduser -filter * -SearchBase $OU -Properties samaccountName, enabled, GivenName, SN, mail | Select-Object samaccountName, enabled, GivenName, SN, mail }) | Export-csv C:\Data\UserData.csv -nti

Open in new window

1
 
yo_beeDirector of ITCommented:
@MilesLogan

I like seeing an alt method.
0
SMB Security Just Got a Layer Stronger

WatchGuard acquires Percipient Networks to extend protection to the DNS layer, further increasing the value of Total Security Suite.  Learn more about what this means for you and how you can improve your security with WatchGuard today!

 
DRRAMAuthor Commented:
Hi,
Please can you modify the script because when I run the script; In the output file, I see the following fields
Name,Enabled,GivenName,sn,mail

But I need to display in the output file the following fields:
 "Account","Enabled","First Name","Last Name","Mail"
0
 
DRRAMAuthor Commented:
Please I am waiting your help.
0
 
yo_beeDirector of ITCommented:
Not sure what you are referencing for the Account Attribute?
0
 
DRRAMAuthor Commented:
Hi,
when I run the script; In the output file, I need to see the following fields in display name (first line)

 "Account","Enabled","First Name","Last Name","Mail"

Best regards
0
 
yo_beeDirector of ITCommented:
OK, but what value do you want to populate the Account column.
0
 
yo_beeDirector of ITCommented:
Let me know if this works
Import-Module ActiveDirectory
$DNArray = @('ou=Accounts,ou=Sales,ou=USA,dc=Dom,dc=local',,'ou=Accounts,ou=Marketing,ou=USA,dc=Dom,dc=local')
$users = $null
Foreach ($dn in $dnarray)
{

$users += Get-ADUser -filter * -SearchBase $dn -SearchScope OneLevel -Properties Name,Enabled,GivenName,sn,mail | Select @{n="Account";e={($_.name).ToLower()}},@{n="Disabled";e={($_.enabled)}},@{n="First Name";e={($_.GivenName)}},@{n="Last Name";e={($_.sn)}},@{n="EmailAddress";e={($_.mail).ToLower()}} 

$users |Export-Csv -Path '.\AD.csv' -NoTypeInformation -force  

}

Open in new window

0
 
DRRAMAuthor Commented:
Please I need to add the name of Domain controller on the folowing path

$DNArray = @('ou=Accounts,ou=Sales,ou=USA,dc=Dom,dc=local',,'ou=Accounts,ou=Marketing,ou=USA,dc=Dom,dc=local')

Bes regards;
0
 
yo_beeDirector of ITCommented:
You cannot get that attribute from the users attribute that are available.  If you mean the OU that holds the user or the full distinguished name (DN).  Here are both options.

Account = Distinguish Name

Import-Module ActiveDirectory
$DNArray = @('ou=Accounts,ou=Sales,ou=USA,dc=Dom,dc=local','ou=Accounts,ou=Marketing,ou=USA,dc=Dom,dc=local')
$users = $null
Foreach ($dn in $dnarray)
{

$users += Get-ADUser -filter * -SearchBase $dn -SearchScope OneLevel -Properties Name,Enabled,GivenName,sn,mail,DistinguishedName | Select @{n="Account";e={($_.DistinguishedName).ToLower()}},@{n="Disabled";e={($_.enabled)}},@{n="First Name";e={($_.GivenName)}},@{n="Last Name";e={($_.sn)}},@{n="EmailAddress";e={($_.mail).ToLower()}} 

$users |Export-Csv -Path '.\AD.csv' -NoTypeInformation -force  

}

Open in new window


Here is the user's OU for the account column

Import-Module ActiveDirectory
$DNArray = @('ou=Accounts,ou=Sales,ou=USA,dc=Dom,dc=local','ou=Accounts,ou=Marketing,ou=USA,dc=Dom,dc=local')
$users = $null
Foreach ($dn in $dnarray)
{

$users += Get-ADUser -filter * -SearchBase $dn -SearchScope OneLevel -Properties Name,Enabled,GivenName,sn,mail,DistinguishedName | Select @{n="Account";e={$User.DistinguishedName.Substring($User.DistinguishedName.IndexOf(",OU=")+1)}},@{n="Disabled";e={($_.enabled)}},@{n="First Name";e={($_.GivenName)}},@{n="Last Name";e={($_.sn)}},@{n="EmailAddress";e={($_.mail).ToLower()}} 

$users |Export-Csv -Path '.\AD.csv' -NoTypeInformation -force  

}

Open in new window

0
 
DRRAMAuthor Commented:
I want search the users from the two OUs  from the same DC server;
Where I can add the DC server in the code?????
0
 
yo_beeDirector of ITCommented:
Do you have multiple domains in your environment?  If not it does not matter what DC you get the information from.
This attribute is not stored in the user's list of attributes.
0
 
DRRAMAuthor Commented:
I have One domain but I have some DC (Controller domain) for that I want to specify the DC server name
0
 
yo_beeDirector of ITCommented:
If you have 3 DC's its a round robin for which one is used to query unless you use the -server switch for Get-ADuser, but not sure how this makes a difference.
If your domain is healthy then all data should have replicated to the other DC's.  So when you query your domain for a user it will be pulled from any one of your DC's

Import-Module ActiveDirectory
$DNArray = @ ('ou=Accounts,ou=Sales,ou=USA,dc=Dom,dc=local',,'ou=Accounts,ou=Marketing,ou=USA,dc=Dom,dc=local')
$users = $null
Foreach ($dn in $dnarray)
{

$users += Get-ADUser -filter * -SearchBase $dn -SearchScope OneLevel -Server DC01-Properties Name,Enabled,GivenName,sn,mail,DistinguishedName | Select @{n="Account";e={$User.DistinguishedName.Substring($User.DistinguishedName.IndexOf(",OU=")+1)}},@{n="Disabled";e={($_.enabled)}},@{n="First Name";e={($_.GivenName)}},@{n="Last Name";e={($_.sn)}},@{n="EmailAddress";e={($_.mail).ToLower()}} 

$users |Export-Csv -Path '.\AD.csv' -NoTypeInformation -force  

}

Open in new window

1
 
yo_beeDirector of ITCommented:
Following up to see if my last comment made sense?
0
 
DRRAMAuthor Commented:
thx
0
 
yo_beeDirector of ITCommented:
Thanks for accepting my suggestion, but I am still curious on why you need the server.  By you adding the -Server switch it is implicated applied that it is coming from that server.   So if that is the case you can populate the table with a static value of <DC01>.  

It does not make sense to me the importance of this info.
0
 
DRRAMAuthor Commented:
Because we have some DCs in the world and I need to define two DCs (for example DCs of London city) when I run the script In office of London.
But I don't Know how can I add two DCs in the script?

Thx
0
 
yo_beeDirector of ITCommented:
But is you have a single domain all your locations should have the same data.  If you have your Sites and Services setup properly for the different subnets then that would be the DC the clients are talking to. If you leave Sites and Services as the default and all your DC's are talking to all subnets then it is a round-robin to which DC the client is talking to.  

It sounds like you have a domain that is disjointed and not properly configured if you need to speak to a specific DC.  

So you are saying that LondonDC01 has different data that USADC01, but has the same OU's ou=Accounts,ou=Marketing,ou=USA,dc=Dom,dc=local ?
0
 
yo_beeDirector of ITCommented:
0
 
DRRAMAuthor Commented:
Yes I agree
 Thx very much for your help
0
 
yo_beeDirector of ITCommented:
You agree with what?
It seems to me that you might not fully understand how Active Directory works and is configured.  I am trying to understand your needs for the specific DC and if it is because the data is not the same at each DC then like I said you have a bigger problem on your hands.
0
 
DRRAMAuthor Commented:
Hi,

When I run the script on server 2008 R2;

I have the message error:

Error: Exception calling "LoadFile" with "1" argument(s): "This assembly is built by a runtime newer than the currently
loaded runtime and cannot be loaded. (Exception from HRESULT: 0x8013101B)"
0
 
yo_beeDirector of ITCommented:
Do you have RSAT installed with Active Directory Powershell Module?
https://4sysops.com/archives/how-to-install-the-powershell-active-directory-module/
0
 
DRRAMAuthor Commented:
Ok thx,

But I have another error in the output file :

é=?
à=?

What is the resolution please
0
 
yo_beeDirector of ITCommented:
Can you post your script and out as it should up on your screen?
0
 
DRRAMAuthor Commented:
the same script

Import-Module ActiveDirectory
$DNArray = @('ou=Accounts,ou=Sales,ou=USA,dc=Dom,dc=local',,'ou=Accounts,ou=Marketing,ou=USA,dc=Dom,dc=local')
$users = $null
Foreach ($dn in $dnarray)
{

$users += Get-ADUser -filter * -SearchBase $dn -SearchScope OneLevel -Properties Name,Enabled,GivenName,sn,mail | Select @{n="Account";e={($_.name).ToLower()}},
@{n="Disabled";e={($_.enabled)}},
@{n="First Name";e={($_.GivenName)}},
@{n="Last Name";e={($_.sn)}},
@{n="EmailAddress";e={($_.mail).ToLower()}}

$users |Export-Csv -Path '.\AD.csv' -NoTypeInformation -force  

}

In Outputfile

First Name
Al?xandre

correct  : Aléxandre
0
 
yo_beeDirector of ITCommented:
Do you have the Active Directory Powershell installed on the computer you are running this from?
0
 
DRRAMAuthor Commented:
yes I have
0
 
yo_beeDirector of ITCommented:
You call have two ,, for the $DNARRAY
here is an adjusted script
Import-Module ActiveDirectory
 $DNArray = @('ou=Accounts,ou=Sales,ou=USA,dc=Dom,dc=local','ou=Accounts,ou=Marketing,ou=USA,dc=Dom,dc=local')
 $users = $null
 Foreach ($dn in $dnarray)
 {

 $users += Get-ADUser -filter * -SearchBase $dn -SearchScope OneLevel -Properties Name,Enabled,GivenName,sn,mail | Select @{n="Account";e={($_.name).ToLower()}},
 @{n="Disabled";e={($_.enabled)}},
 @{n="First Name";e={($_.GivenName)}},
 @{n="Last Name";e={($_.sn)}},
 @{n="EmailAddress";e={($_.mail).ToLower()}} 

 $users |Export-Csv -Path '.\AD.csv' -NoTypeInformation -force  

 } 

Open in new window

0
 
DRRAMAuthor Commented:
yes I corrected before
0
 
yo_beeDirector of ITCommented:
What is your Output result?
0
 
DRRAMAuthor Commented:
my output file is ok but just it converted the é or ç or à or other waracter with accent to this symbol  ?
0
 
yo_beeDirector of ITCommented:
What language is your DC's set at ?
0
 
DRRAMAuthor Commented:
the problem isn't my DCs because when I use a vbscript I don't have a problem for accent
0
 
DRRAMAuthor Commented:
do you have any idea ?

please
0
 
yo_beeDirector of ITCommented:
So you do have none English characters.
0
 
DRRAMAuthor Commented:
I don't have the frensh characters.
0
 
yo_beeDirector of ITCommented:
Add the -Encoding UTF8 to the end of the Export-csv cmdlet

Import-Module ActiveDirectory
 $DNArray = @('ou=Accounts,ou=Sales,ou=USA,dc=Dom,dc=local','ou=Accounts,ou=Marketing,ou=USA,dc=Dom,dc=local')
 $users = $null
 Foreach ($dn in $dnarray)
 {

 $users += Get-ADUser -filter * -SearchBase $dn -SearchScope OneLevel -Properties Name,Enabled,GivenName,sn,mail | Select @{n="Account";e={($_.name).ToLower()}},
 @{n="Disabled";e={($_.enabled)}},
 @{n="First Name";e={($_.GivenName)}},
 @{n="Last Name";e={($_.sn)}},
 @{n="EmailAddress";e={($_.mail).ToLower()}} 

 $users |Export-Csv -Path '.\AD.csv' -NoTypeInformation   -Encoding UTF8 -force  

 } 

Open in new window

0
 
DRRAMAuthor Commented:
very good thx;

Please, Can you explain me how I can change the separator between attribute in the output file from , to ;
0
 
DRRAMAuthor Commented:
yo_bee
please do you have any suggestions to change the separator ?
0
 
yo_beeDirector of ITCommented:
add -delimiter ';'  inline with the export-csv  

Import-Module ActiveDirectory
 $DNArray = @('ou=Accounts,ou=Sales,ou=USA,dc=Dom,dc=local','ou=Accounts,ou=Marketing,ou=USA,dc=Dom,dc=local')
 $users = $null
 Foreach ($dn in $dnarray)
 {

 $users += Get-ADUser -filter * -SearchBase $dn -SearchScope OneLevel -Properties Name,Enabled,GivenName,sn,mail | Select @{n="Account";e={($_.name).ToLower()}},
 @{n="Disabled";e={($_.enabled)}},
 @{n="First Name";e={($_.GivenName)}},
 @{n="Last Name";e={($_.sn)}},
 @{n="EmailAddress";e={($_.mail).ToLower()}} 

 $users |Export-Csv -Path '.\AD.csv' -NoTypeInformation  -Delimiter ';' -Encoding UTF8 -force  

 } 

Open in new window

0
 
DRRAMAuthor Commented:
yo_bee
When I run the script, I obtain the following message

 Editing the execution strategy
The execution strategy can protect you against scripts that you consider unreliable. By modifying the
execution strategy, you expose yourself to the security risks described in the Help topic
about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170. Do you want to change the strategy
execution?
[O] Yes [T] Yes for all [N] No [U] No for all [S] Suspend [?] Help (default is "N"):

Open in new window

0
 
yo_beeDirector of ITCommented:
Since you are running a script that is not signed you will get this message unless you change the policy to unrestricted.

The url in the message explains it all.
0
 
DRRAMAuthor Commented:
can you add the command in the script ? and hide the message?
0
 
DRRAMAuthor Commented:
yo_bee
please do you have any suggestions to change the code?
Thx
0
 
yo_beeDirector of ITCommented:
No.  This is something that you need to set for your computer's Powershell environment.
You have a few option and one of them is to set to unrestricted
I have never put this in a script before.
This is what I did and then the setting is always what you just set.
Set-ExecutionPolicy unrestricted 

Open in new window

0
 
yo_beeDirector of ITCommented:
0
 
DRRAMAuthor Commented:
I want to use :
Set-ExecutionPolicy bypass
0
 
yo_beeDirector of ITCommented:
what happens when you set that
0
 
DRRAMAuthor Commented:
in windows 10 : error message to modify the registry key
in Windows 2008 R2 nothing
0
 
yo_beeDirector of ITCommented:
If you run Powershell with elevated permission are you able to set it on the windows 10 machine and run your script?
0
 
DRRAMAuthor Commented:
yes it's ok when I run with admin account
0
 
yo_beeDirector of ITCommented:
So what's the issue then.  This seems like it would be an admin task to run anyway.
0
 
DRRAMAuthor Commented:
great thx
0
 
yo_beeDirector of ITCommented:
Sorry I was not able to give you better info, but this is how Powershell works.

Since this is closed others really do not pay much attention. I would recommend posting a follow up question with this script and see what others say.
0

Join & Write a Comment

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

  • 29
  • 27
Tackle projects and never again get stuck behind a technical roadblock.
Join Now